path: root/tcpdump.c
Commit message [Author, Age, Files, Lines]
* Don't run past the snapshot length when doing hex/ASCII dumps. [Guy Harris, 2015-01-06, files: 1, lines: -0/+5]
|
* More strictly check for numbers as arguments to -i. [Guy Harris, 2012-09-27, files: 1, lines: -5/+4]
| | | | | | Use strtol() and only treat the argument as a number if it's *all* number, so that interface names such as 192_1_2 aren't treated as "interface number 192".
* Use PATH_MAX, not NAME_MAX. [Guy Harris, 2012-09-27, files: 1, lines: -12/+12]
| | | | | | | | | | | NAME_MAX is the maximum length of a file pathname *component*; PATH_MAX is the maximum length of a file pathname. We're dealing with pathnames, so use PATH_MAX. (On some systems, NAME_MAX can be as low as 14, presumably for binary compatibility with V7-era data structures containing file names, as there are probably few if any non-historic UN*Xes around with 14-character file name limitations.) Boost the default PATH_MAX to 1024 while we're at it.
* Back out DLT_PFSYNC support. [Guy Harris, 2012-02-29, files: 1, lines: -3/+0]
| | | | | | Unfortunately, the DLT_PFSYNC support depends on header files included from the pfctl command's source tree, and trying to arrange to find that would be too much trouble.
* Add DLT_PFSYNC support. [Guy Harris, 2012-02-29, files: 1, lines: -0/+3]
| | | | | | From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data, which in turn was ported over from OpenBSD. We already have CARP support, so we did not port that part over.
* tcpdump now accepts SIGUSR1 as a signal to print the statistics on systems that do not support SIGINFO [Kenichi Maehashi, 2012-02-07, files: 1, lines: -4/+10]
* Add a CARP dissector and a command-line option to dissect proto 112 as CARP. [George Neville-Neil, 2011-11-23, files: 1, lines: -0/+2]
| | | | | | | CARP and VRRP both use IP protocol number 112, so there needs to be a -T flag to specify that protocol 112 be dissected as CARP rather than VRRP. Also update the man page.
* Change name of Hilscher link types to say NETANALYZER. [Guy Harris, 2011-09-15, files: 1, lines: -4/+4]
| | | | | That makes the names a bit shorter, and mentions the specific Hilscher product to which they apply.
* Add printers for the Hilscher Ethernet link-layer types. [Guy Harris, 2011-09-15, files: 1, lines: -0/+6]
|
* Note that ndo_error doesn't, and *ndo_error shouldn't, return. [Guy Harris, 2011-06-24, files: 1, lines: -1/+2]
| | | | | Tcpdump's ndo_error() doesn't return. Any other ndo_error routine supplied to netdissect shouldn't, either, as printers expect it not to.
* Use "-H", not "-h", for the 802.11s option, and improve error reporting. [Guy Harris, 2011-06-21, files: 1, lines: -4/+7]
| | | | | | | | I was rudely surprised to find that "tcpdump -h" wasn't printing a usage message, and I'm the person who *added* the "-h" option. Make it "-H", and add an explicit "-h" option to print a usage message, so nobody else makes the same mistake. Also, don't clear opterr, so that if you give an illegal command-line option, you get an explanatory error message.
* From: Darren Reed <darren.reed@oracle.com> [Michael Richardson, 2011-05-03, files: 1, lines: -6/+5]
| | | | | | | | | | | | | | | To: tcpdump-workers@lists.tcpdump.org Date: Sat, 09 Apr 2011 12:51:14 +1000 Subject: [tcpdump-workers] Printing PPI packets Printing PPI packets with tcpdump does not turn out to be that hard. My simple tests have produced the output as below. It would be worthwhile having some changes made into the tcpdump code base that were similar to the attached that print them out.
* Fix plurals in packet count messages. [Guy Harris, 2011-03-08, files: 1, lines: -5/+8]
| | | | | | | | Based on a patch from cr4ckn@sourceforge.net, but with a macro PLURAL_SUFFIX() defined to return either "s" or "" (rather than possibly printing a NUL character with %c), and with that macro used in a couple of cases where the equivalent had been done by hand, and with one case the patch missed fixed as well.
* Add support for nommu systems. [Guy Harris, 2010-11-30, files: 1, lines: -7/+18]
| | | | | | | | | | | | | Rather than hardcode the WIN32 define, add proper fork checks to the configure script and check those. This fixes building for nommu systems which lack the fork function. While we're here though, add support for this functionality via vfork so that it does work on nommu systems. And fix an old bug where we exit properly in the forked child when the exec failed instead of just returning to the calling code (which isn't expecting it). Reviewed-By: Guy Harris <guy@alum.mit.edu>
* Switch user ID/root directory with -Z before opening savefiles for output. [Paul Ferrell, 2010-11-06, files: 1, lines: -10/+25]
| | | | | | | | | | In addition to Paul's change, I added a comment explaining why we do this, and explaining that doing so after opening the first savefile doesn't help with subsequent savefiles, so you'll have to come up with a better fix if you want the savefiles opened by the original UID or outside the chroot. Reviewed-By: Guy Harris <guy@alum.mit.edu>
* reworked print-ether to use netdissect [Michael Richardson, 2010-10-07, files: 1, lines: -1/+1]
|
* Document -j and -J. List -h in the usage message. [Guy Harris, 2010-08-23, files: 1, lines: -1/+1]
|
* Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4. [Guy Harris, 2010-08-22, files: 1, lines: -0/+3]
|
* Print a -L-like header for -J. [Guy Harris, 2010-08-22, files: 1, lines: -0/+7]
|
* Add support for setting the time stamp type for a capture. [Guy Harris, 2010-08-22, files: 1, lines: -11/+76]
| | | | | | Based on a patch from Scott Mcmillan <scott.a.mcmillan@intel.com>. While we're at it, make some error messages a bit less geeky.
* If -U is specified, flush the file after creating it, so it's not zero-length. [Romain Francoise, 2010-06-05, files: 1, lines: -0/+4]
| | | | | | | | | | Reading from a capture file that has not yet received any packets fails with "truncated dump file"; to avoid this, flush the file (forcing the pcap header out) immediately after opening it. (Added Romain to the credits.) Reviewed-By: Guy Harris <guy@alum.mit.edu>
* Add a -h flag, and only attempt to recognize 802.11s mesh headers if it's set. [Guy Harris, 2010-05-27, files: 1, lines: -1/+5]
| | | | | | | | | | | | | | | | | I give up. I have no access to the 802.11s drafts, I can't find anything that suggests whether a heuristic check for an 802.11s header should check for To DS and From DS both being set or either being set or unset, or whether it should check for a QoS frame type (the examples in all the documentation I can find have To DS and From DS set, and have a QoS field, in the 802.11 header, but that might just be an example 802.11 header showing all the fields), so I'm just adding a -h command-line flag; you need to specify it to get tcpdump to try to guess whether a frame has a mesh header or not. I'll leave it up to somebody else to figure out what the best heuristic for detecting the presence of mesh headers is (note that tcpdump and Wireshark have different heuristics, both of which can probably get false positives, especially with encrypted frames where the first payload byte just *happens* not to have any of the reserved bits in the mesh header flags set).
* Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump [Michael Richardson, 2010-05-13, files: 1, lines: -1/+1]
|\
| * When printing the link-layer type list, send *all* output to stderr. [Guy Harris, 2010-05-07, files: 1, lines: -1/+1]
| |
* | moved ieee802.15.4 to NDO system [Michael Richardson, 2010-05-13, files: 1, lines: -3/+3]
| |
* | tcpdump.c: fix merge error: ieee802_15_4_if_print isn't a new style printer [Dmitry Eremin-Solenikov, 2010-03-09, files: 1, lines: -3/+3]
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | Merge remote branch 'origin/master' [Dmitry Eremin-Solenikov, 2010-03-09, files: 1, lines: -39/+131]
|\ \ | |/
| * tcpdump.c: mark several variables as static [Kovarththanan Rajaratnam, 2010-02-20, files: 1, lines: -3/+3]
| |
| * Recognize -b as a flag. [Guy Harris, 2010-02-08, files: 1, lines: -1/+2]
| |
| * Mention the b flag in the usage message. [Guy Harris, 2010-02-08, files: 1, lines: -1/+1]
| |
| * Handle the 48-byte and 64-byte Linux USB headers differently; for now, [Guy Harris, 2010-01-25, files: 1, lines: -6/+8]
| | | | | | | | the difference isn't major, but it might be more important later.
| * raw_if_print() isn't yet a new-style print routine. [Guy Harris, 2010-01-10, files: 1, lines: -6/+6]
| |
| * This commit makes ipnet_if_print the first NDO aware top-level [Michael Richardson, 2010-01-10, files: 1, lines: -18/+47]
| |\ | | | | | | | | | | | | | | | | | | | | | printer. Merge commit 'origin/master' Conflicts: netdissect.h
| | * Add support for DLT_IPV4 and DLT_IPV6. [Guy Harris, 2010-01-04, files: 1, lines: -14/+20]
| | | | | | | | | | | | While we're at it, clean up some whitespace.
| | * When printing a list of link-layer types for -L, give the name of the [Guy Harris, 2009-12-01, files: 1, lines: -4/+27]
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | device for which they're being reported, so if no -i flag was given people don't think it's something such as the union of all link-layer types supported by all devices, and, if we can determine whether the device supports monitor mode (with libpcap 1.0.0 and later), indicate whether the link-layer types are the ones supported when not in monitor mode (if -I wasn't specified) or when in monitor mode (if -I was specified), so people don't wonder why some types aren't available (as some are available only in monitor mode, and others are available only when not in monitor mode, on some platforms).
| * | make new list of printers that take ndo argument, and use it as appropriate [Michael Richardson, 2010-01-10, files: 1, lines: -13/+56]
| |/
| * The patches attached to this email are required to get a fully working tcpdump [Darren Reed, 2009-11-24, files: 1, lines: -0/+3]
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | on OpenSolaris, or Solaris Express Community Edition, build 125 and later. The attached patch introduces support for printing out the IPNET headers used for packet capture inside of zones that share their networking with the global zone and for packets "transmitted" between zones. tcpdump 4.0.0 will ship with builds 129 and later of OpenSolaris/SXCE and when run as root with the '-L' option, should behave as below to indicate that the system is fully functional: Data link types (use option -y to set): DOCSIS (DOCSIS) (printing not supported) IPNET (Solaris IPNET) EN10MB (Ethernet) Cheers, Darren
| * Report ps_ifdrop if it's non-zero. [Guy Harris, 2009-09-07, files: 1, lines: -1/+15]
| |
* | Add support for IEEE 802.15.4 packets [Dmitry Eremin-Solenikov, 2009-08-09, files: 1, lines: -0/+3]
|/ | | | | Add a dummy printer for ieee 802.15.4 packets. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* From Karl Norby: print the unsigned packet statistics with %u, not %d. [Guy Harris, 2009-07-31, files: 1, lines: -2/+2]
|
* execlp() is a varargs function, so if NULL is defined as 0, the compiler [Guy Harris, 2009-06-09, files: 1, lines: -1/+1]
| | | | | doesn't know that it needs to be converted to a null pointer constant; add an explicit cast.
* Based on a fix from Miroslav Lichvar: don't crash with "-i <num>" if [Guy Harris, 2009-04-28, files: 1, lines: -5/+11]
| | | | there are no interfaces available.
* From Robert Edmonds: free the string that contains the filter as soon as [Guy Harris, 2009-04-18, files: 1, lines: -0/+1]
| | | | we're done with it.
* From Bert Vermeulen: add a USB printer, and fix the error message [Guy Harris, 2009-04-04, files: 1, lines: -2/+8]
| | | | | | | printed when trying to print packets for a DLT_ for which we don't have a printer to indicate that you can still save to a capture file in that case. (Slightly changed not to require DLT_USB_LINUX_MMAPPED to be defined, for older libpcaps that only define DLT_USB_LINUX.)
* Make the default snapshot length the maximum; add a #define for the [Guy Harris, 2009-03-05, files: 1, lines: -2/+2]
| | | | | | | | maximum. Get rid of redundant definition of DEFAULT_SNAPLEN in interface.h. Update the documentation.
* from Anantharamu Suryanarayana: add 4-byte AS support to the BGP printer [Hannes Gredler, 2009-01-20, files: 1, lines: -0/+3]
|
* We support building tcpdump with versions of libpcap other than the one [guy, 2008-09-25, files: 1, lines: -2/+2]
| | | | | | | | | | | | | | with which it was released, and DLT_BLUETOOTH_HCI_H4_WITH_PHDR might be defined by pcap-bpf.h without pcap/bluetooth.h being present (as appears to be the case on Fedora 9, for example), so check whether <pcap/bluetooth.h> is usable. Update a comment - F9 appears to have a "/usr/include/pcap.h" if you install the libpcap headers. When adding -I flags when running a compiler-based test, add them to CPPFLAGS, not CFLAGS - the latter doesn't work right with AC_CHECK_HEADERS, as the "gcc -E" run doesn't have the -I flags added.
* add infrastructure for verifying the HMAC-MD5 digest in routing protocols. [hannes, 2008-08-16, files: 1, lines: -2/+2]
| | | | | | | The shared secret is passed using the already existing -M option which is used for TCP-MD5 checking. add initial support for RSVP Integrity object verification.
* pcap_errtostr() was renamed pcap_statustostr(). [guy, 2008-04-09, files: 1, lines: -9/+28]
| | | | | pcap_activate() can return positive values as warnings, not just 0, on success; log warnings in those cases.
* If we get PCAP_ERROR_NO_SUCH_DEVICE or PCAP_ERROR_PERM_DENIED from [guy, 2008-04-09, files: 1, lines: -2/+8]
| | | | | | | | | pcap_activate(), and there's a non-null error string returned by pcap_geterr(), print it as part of the error message, as it might contain information useful when debugging the problem. If we get PCAP_ERROR, just print the error string from pcap_geterr(), not the device name, as the error string will contain the device name.